Three of the most damaging attacks are the password stealing attack, the app swapping attack, and the fake app upgrade attack. The first is the password stealing attack. It injects a JavaScript prompt into the victim’s iOS device that asks the user to enter their password. The prompt appears when the user opens the App Store. Unsuspecting users will be deceived by the genuine-looking prompt, and the password they enter will be sent straight to the hacker’s system.
The second is the app swapping attack. The hacker is able to swap the app the user is trying to download or purchase with an app of their own. While it looks like the app being downloaded is the one the user chose, once the download is finished, they will be greeted by the swapped app. The hacker could abuse this attack to make money for themselves, or to make the user pay a lot of money for a very expensive app.
The final attack is the fake app upgrade, which works similarly to the app swapping attack. The hacker inserts a fake upgrade into the user’s App Store that causes the user to install the hacker’s app instead. Bursztein’s report is a wake-up call to Apple and developers alike about the importance of security. It also helps raise user awareness of potential cyber attacks on their devices. Having your password stolen, paying a fortune for a swapped app, or having your privacy leaked to a stalker is a nightmare for anyone.
[via Elie Bursztein]